Intel has released security and firmware updates that fix vulnerabilities in multiple Intel products.
In all, Intel released 11 separate advisories covering a broad range of hardware and software products.
A summary of the Intel security updates include:
- Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory (INTEL-SA-00226).
- Chipset Device Software (INF Update Utility) Advisory (INTEL-SA-00224).
- ITE Tech Consumer Infrared Driver for Windows 10 Advisory (INTEL-SA-00206).
- NUC Firmware Advisory (INTEL-SA-00264).
- Omni-Path Fabric Manager GUI Advisory (INTEL-SA-00257).
- Open Cloud Integrity Technology and OpenAttestation Advisory (INTEL-SA-00248).
- Partial Physical Address Leakage Advisory (INTEL-SA-00247).
- PROSet/Wireless WiFi Software Advisory (INTEL-SA-00232).
- RAID Web Console 3 for Windows Advisory (INTEL-SA-00259).
- SGX for Linux Advisory (INTEL-SA-00235).
- Turbo Boost Max Technology 3.0 Advisory (INTEL-SA-00243).
A brief snapshot of each of the updates and summary of vulnerabilities fixed are also listed below.
1) Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory (INTEL-SA-00226)
Summary: “Potential security vulnerabilities in Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise (RSTe) may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.”
Also, the vulnerability CVE-2019-0130 is rated a CVSS base score 6.1 and Medium severity.
2) Chipset Device Software (INF Update Utility) Advisory (INTEL-SA-00224)
Summary: “A potential security vulnerability in the Intel® Chipset Device Software (INF Update Utility) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.”
In addition, the vulnerability CVE-2019-0128 is rated a CVSS base score 3.9 and Low severity.
3) ITE Tech Consumer Infrared Driver for Windows 10 Advisory (INTEL-SA-00206)
Summary: “A potential security vulnerability in the ITE Tech* Consumer Infrared Driver for Windows 10 may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.”
Also, the vulnerability CVE-2019-3702 is rated a CVSS base score 6.7 and Medium severity.
4) NUC Firmware Advisory (INTEL-SA-00264)
Summary: “Potential security vulnerabilities in system firmware for Intel® NUC may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.”
Furthermore, seven vulnerabilities were addressed, all high severity: CVE-2019-11123, CVE-2019-11124, CVE-2019-11125, CVE-2019-11126, CVE-2019-11127, CVE-2019-11128 and CVE-2019-11129.
5) Omni-Path Fabric Manager GUI Advisory (INTEL-SA-00257)
Summary: “A potential security vulnerability in Intel® Omni-Path Fabric Manager GUI may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.”
Also, the vulnerability CVE-2019-11117 is rated a CVSS base score 6.7 and Medium severity.
6) Open Cloud Integrity Technology and OpenAttestation Advisory (INTEL-SA-00248)
Summary: “Multiple potential security vulnerabilities in Open Cloud Integrity Technology (Open CIT) and OpenAttestation may allow information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.”
To add, nine low severity vulnerabilities were addressed: CVE-2019-0175, CVE-2019-0177, CVE-2019-0178, CVE-2019-0179, CVE-2019-0180, CVE-2019-0181, CVE-2019-0182, CVE-2019-0183, and CVE-2019-11092.
7) Partial Physical Address Leakage Advisory (INTEL-SA-00247)
Summary: “A potential security vulnerability in some microprocessors may allow partial information disclosure via local access.”
Also, the vulnerability CVE-2019-0174 is rated a CVSS base score 3.8 and Low severity.
8) PROSet/Wireless WiFi Software Advisory (INTEL-SA-00232)
Summary: “A potential security vulnerability in Intel® PROSet/Wireless WiFi Software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.”
To add, the vulnerability CVE-2019-0136 is rated a CVSS base score 4.7 and Medium severity.
9) RAID Web Console 3 for Windows Advisory (INTEL-SA-00259)
Summary: “A potential security vulnerability in the Intel® RAID Web Console 3 (RWC3) for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.”
Of special note, this vulnerability CVE-2019-11119 is rated a CVSS base score 8.9 and High severity.
10) SGX for Linux Advisory (INTEL-SA-00235)
Summary: “A potential security vulnerability in the Intel® SGX driver for Linux* may allow a denial of service. Intel is releasing software updates to mitigate this potential vulnerability.”
To add, the vulnerability CVE-2019-0157 is rated a CVSS base score 6.5 and Medium severity.
11) Turbo Boost Max Technology 3.0 Advisory (INTEL-SA-00243)
Summary: “A potential security vulnerability in the Intel® Turbo Boost Max Technology 3.0 driver may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation notice for the Intel® Turbo Boost Max Technology 3.0 driver.”
Also, the vulnerability CVE-2019-0164 is rated a CVSS base score 6.7 and Medium severity.
As noted, Intel has released software updates to mitigate the potential vulnerabilities for most supported products listed above. Check out each of the advisories for details on upgrades available for download.